无法使 prerender.io nginx 配置与 https 重写一起工作
Having trouble getting prerender.io nginx config to work with https rewrite
我想我可能已经忍不住想写这个 nginx 配置了。我是 nginx 配置的新手,我正在尝试编写一个非常复杂的配置(至少对我而言)。任何帮助将不胜感激。
配置需要:
- redirect http $http_x_forwarded_proto to https (https cuts off at the ec2 load balancer)
- work with prerender.io's nginx middleware (seo for crawlable single page application)
- pass any query parameters (
_escaped_fragment_=) from http to https
- redirect all subdomain requests to https://example.com/c/$subdomain
- allow http://example.com/healthcheck.txt to pass through http (load balancer health check)
这是我当前的配置
server {
listen 80;
server_name example.com;
root /var/www/html/dist;
index index.html;
error_log /var/log/mysite/error.log;
access_log /var/log/mysite/access.log;
location /healthcheck.txt {
break;
}
location / {
try_files $uri @prerender;
if ($http_x_forwarded_proto != "https") {
set $urltest N;
}
if ($query_string) {
set $urltest "${urltest}Y";
}
if ($urltest = N) {
rewrite ^(.*)$ https://example.com permanent;
}
if ($urltest = NY) {
rewrite ^(.*)$ https://example.com?$query_string permanent;
}
}
location @prerender {
proxy_set_header X-Prerender-Token MY_TOKEN;
set $prerender 0;
if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~ "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /$scheme://$host$request_uri? break;
proxy_pass http://$prerender;
}
if ($prerender = 0) {
rewrite .* /index.html break;
}
}
}
server {
listen 80;
server_name ~^(?<sub>.+)\.example\.com$ ;
rewrite ^ https://example.com/c/$sub;
}
这适用于项目 1、4 和 5,但项目 2 和 3 无效
- work with prerender.io's nginx middleware
这根本不起作用,但是它在没有 https 重定向的情况下也能起作用
- pass any query parameters (
_escaped_fragment_=) from http to https
有效,但会像这样复制查询参数:?_escaped_fragment_=&_escaped_fragment_=
有人可以提供任何建议吗?
我终于搞定了。我让 SSL 通过负载均衡器到达服务器本身,这样我就不能简单地将 http 重定向到 https 而不必担心负载均衡器造成的复杂性。
这是我更新的配置:
server {
listen 80;
server_name ~^(?<sub>.+)\.example\.com$ ;
if ($sub = 'www') {
return 301 https://$host$request_uri;
}
if ($sub != '') {
rewrite ^ https://example.com/c/$sub;
}
if ($sub = '') {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
server_name example.com;
ssl on;
ssl_certificate /etc/ssl/star_example_com.pem;
ssl_certificate_key /etc/ssl/star_example_com.key;
root /var/www/html/dist;
index index.html;
access_log /var/log/example/ssl.access.log;
error_log /var/log/example/ssl.error.log;
include /etc/nginx/content_redirects.conf;
location / {
try_files $uri @prerender;
}
location @prerender {
proxy_set_header X-Prerender-Token MY_KEY;
set $prerender 0;
if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Valid
ator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~ "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|
ttf|woff)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /https://$host$request_uri? break;
proxy_pass http://$prerender;
}
if ($prerender = 0) {
rewrite .* /index.html break;
}
}
}
我想我可能已经忍不住想写这个 nginx 配置了。我是 nginx 配置的新手,我正在尝试编写一个非常复杂的配置(至少对我而言)。任何帮助将不胜感激。
配置需要:
- redirect http $http_x_forwarded_proto to https (https cuts off at the ec2 load balancer)
- work with prerender.io's nginx middleware (seo for crawlable single page application)
- pass any query parameters (
_escaped_fragment_=) from http to https- redirect all subdomain requests to https://example.com/c/$subdomain
- allow http://example.com/healthcheck.txt to pass through http (load balancer health check)
这是我当前的配置
server {
listen 80;
server_name example.com;
root /var/www/html/dist;
index index.html;
error_log /var/log/mysite/error.log;
access_log /var/log/mysite/access.log;
location /healthcheck.txt {
break;
}
location / {
try_files $uri @prerender;
if ($http_x_forwarded_proto != "https") {
set $urltest N;
}
if ($query_string) {
set $urltest "${urltest}Y";
}
if ($urltest = N) {
rewrite ^(.*)$ https://example.com permanent;
}
if ($urltest = NY) {
rewrite ^(.*)$ https://example.com?$query_string permanent;
}
}
location @prerender {
proxy_set_header X-Prerender-Token MY_TOKEN;
set $prerender 0;
if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~ "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /$scheme://$host$request_uri? break;
proxy_pass http://$prerender;
}
if ($prerender = 0) {
rewrite .* /index.html break;
}
}
}
server {
listen 80;
server_name ~^(?<sub>.+)\.example\.com$ ;
rewrite ^ https://example.com/c/$sub;
}
这适用于项目 1、4 和 5,但项目 2 和 3 无效
- work with prerender.io's nginx middleware
这根本不起作用,但是它在没有 https 重定向的情况下也能起作用
- pass any query parameters (
_escaped_fragment_=) from http to https
有效,但会像这样复制查询参数:?_escaped_fragment_=&_escaped_fragment_=
有人可以提供任何建议吗?
我终于搞定了。我让 SSL 通过负载均衡器到达服务器本身,这样我就不能简单地将 http 重定向到 https 而不必担心负载均衡器造成的复杂性。
这是我更新的配置:
server {
listen 80;
server_name ~^(?<sub>.+)\.example\.com$ ;
if ($sub = 'www') {
return 301 https://$host$request_uri;
}
if ($sub != '') {
rewrite ^ https://example.com/c/$sub;
}
if ($sub = '') {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
server_name example.com;
ssl on;
ssl_certificate /etc/ssl/star_example_com.pem;
ssl_certificate_key /etc/ssl/star_example_com.key;
root /var/www/html/dist;
index index.html;
access_log /var/log/example/ssl.access.log;
error_log /var/log/example/ssl.error.log;
include /etc/nginx/content_redirects.conf;
location / {
try_files $uri @prerender;
}
location @prerender {
proxy_set_header X-Prerender-Token MY_KEY;
set $prerender 0;
if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Valid
ator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~ "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|
ttf|woff)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /https://$host$request_uri? break;
proxy_pass http://$prerender;
}
if ($prerender = 0) {
rewrite .* /index.html break;
}
}
}